One means of authentication includes the use of password on computer systems. For example, on UNIX-type systems, the password for an account is stored in a hashed form. To make it harder for an attacker who has access to the hashed password to perform a class of brute force attacks and potentially gain knowledge of several passwords at once, the password is augmented with a small random value, also known as “salt” before it is hashed. The salt value and the hashed password are then stored in association with other account properties.
Since the salt value is randomly generated, only someone who already has access to the hashed password can compute what a hashed password value should be. This means that the hashed password has to be passed to the authentication process in clear text form. So, either the password must only be used over a secure connection, or the password can be stolen by an eavesdropper.
Similarly, many secure communication protocols require that two communicating programs or computers have a shared secret or a shared master secret, which is either directly or indirectly utilized to encrypt data between the two communicating programs or computers. The secure communication protocols can only decrypt messages where the shared secret is known. The shared secret cannot be provided to each communicating program or computer in the clear or an eavesdropper would be able to intercept the shared secret and use it to decrypt the communications between the programs or computers.